Re: ETSI on Minimum Requirements for European ENUM Trials

To: Richard Shockey

From: Jim Reid

Date: Thu, 24 Oct 2002 08:22:36 -0700

Cc: David Conrad, Stastny Richard

>>>>> "Richard" == Richard Shockey richard@localhost writes:

Richard> I worry that some will use the DNSSEC issue to delay or
Richard> stall ENUM deployments by arguing .."Well if you can't
Richard> deploy DNSSEC..you can't deploy ENUM" and I do not believe
Richard> that is true.

Given the politics of ENUM, no matter what happens with DNSSEC someone
will find excuses to stall deployment: "well if you can't prevent DNS
spoofing or provide an idea of how you're going to prevent that, you
can't deploy a production ENUM system". [I'd expect most people who
care about E.164 integrity would take that view.] In some quarters
anything will be used as excuses for stalling the roll-out of ENUM. So
we're damned if we do and damned if we don't.

Richard> I don't like the two issues so closely linked.

Although the ENUM and DNSSEC protocols are orthogonal, the fact is
they will need to be joined at the hip before production ENUM services
can start. If we accept DNS spoofing would be very bad for ENUM and
telephony-like services in general, it follows that DNSSEC has to be
deployed to prevent those spoofing attacks. There's nothing else which
can solve that problem any time soon. That's why I strongly support
the inclusion of DNSSEC in trials. This stuff needs to be evaluated
so triallists can gain operational experience in handling signing
policies, key management and so on.